In computer networks, domain names are translated to Internet Protocol (IP) addresses by Domain Name System (DNS) servers. Fast-flux typically refers to DNS techniques used by networks of compromised computers or “botnets” to hide malicious websites, such as phishing sites and malware delivery sites, behind a rapidly-changing network of “flux agents” serving as proxies. Dedicated malicious DNS servers return IP addresses of the proxies in response to DNS requests relating to the domain name of a given malicious website. Fast-flux generally involves associating numerous IP addresses with a single domain name and rotating the IP addresses at high frequency through alteration of DNS records. This not only makes it very difficult to detect the actual malicious website, but also thwarts defense mechanisms such as IP-based access control lists (ACLs).